You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Federico Petronio <pe...@activesec.biz> on 2004/09/23 16:12:41 UTC
[users@httpd] Security patches for 2.0.50
Hello, I planed to update Apache-2.0.50 with the recent security patches
(http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/) but today I
saw that there are some new ones that applies ONLY to 2.0.51
My question is, if I fist apply the security patches for 2.0.50, then
should I apply the patch for 2.0.51 too? or the vulnerable code in
2.0.51 is not present in the patch to 2.0.50?
Thank you!
--
Federico Petronio
petrus@activesec.biz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Security patches for 2.0.50
Posted by Joshua Slive <js...@gmail.com>.
On Thu, 23 Sep 2004 11:12:41 -0300, Federico Petronio
<pe...@activesec.biz> wrote:
> Hello, I planed to update Apache-2.0.50 with the recent security patches
> (http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/) but today I
> saw that there are some new ones that applies ONLY to 2.0.51
>
> My question is, if I fist apply the security patches for 2.0.50, then
> should I apply the patch for 2.0.51 too? or the vulnerable code in
> 2.0.51 is not present in the patch to 2.0.50?
The patch for 2.0.51 fixes a regression, meaning the problem didn't
exist in 2.0.50.
But it would probably be better to just use 2.0.51+patch. Then you
will get a bunch of other fixes that aren't security-related.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org